---
- hosts: frontend
  vars:
        apt:
                packages:
                        - { package: "haproxy", state: present }
                        - { package: "hitch", state: present }
                        - { package: "varnish", state: present }
        systemd:
                services:
                        - { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}
                        - { name: "hitch", enabled: true, action: reloaded, daemon_reload: true}
                        - { name: "varnish", enabled: true, action: reloaded, daemon_reload: true}
                overrides:
                        - "haproxy"
                        - "hitch"
                        - "varnish"
        haproxy:
                socketroot: "/run/haproxy"
                config: "/etc/haproxy/haproxy.cfg"
                user: "nobody"
                group: "nogroup"
                ports:
                        https: 443
                        tcp:
                                - {expose: 2442, proxy: 2443, group: "dev"}             # Gitea SSH
                                - {expose: 6400, proxy: 6401, group: "social"}          # Mumble
                                #- {expose: 25565, proxy: 25575, group: "minecraft"}    # Minecraft 
                public:
                        # These are load balanced, it doesn't matter what IP they point to
                        - {domain: "dev-stats", service: "grafana", httpchk: true}
                        - {domain: "dev-gitea", service: "gitea", httpchk: true}
                        - {domain: "dev-transmission", service: "transmission", httpchk: false}
                        - {domain: "dev-sd", service: "seedown", httpchk: true}
        varnish:
                backend:
                        sock: '{{ haproxy.socketroot }}/haproxy.sock'
                frontend:
                        sock: '/var/run/varnish.sock'
                        user: '_hitch'
                        group: '_hitch'
                        mode: '660'
                jail:
                        user: 'varnish'
        hitch:
                backend:
                        sock: '{{ varnish.frontend.sock }}'
                user: '_hitch'
                group: '_hitch'
                frontend:
                        port: 443
        vault:
                - "hitch"
  roles:
        - vault
        - apt
        - haproxy
        - varnish
        - hitch
        - systemd